Frequently Asked Questions
Q: How does the Splunk Adaptive Operations Framework address market needs?
A: IT security teams need help to improve how information from a layered defense is analyzed, how additional information and security context is retrieved from different security technologies, and how a range of actions are applied in any given security domain. The Splunk Adaptive Operations Framework aims to help security teams — from seasoned experts to junior analysts — better handle threats by reducing the time it takes to make decisions and take action when responding and adapting to threats.
Q: What happened to the Splunk Adaptive Response Initiative?
A: The Splunk Adaptive Operations Framework is the evolution of the Adaptive Response Initiative (ARI) to include the robust Phantom Community. The initiative's evolution does not change the overarching goal of customers achieving a "security nerve center" — with Splunk at the center — to improve cyber defense and security operations. The initiative allows vendors from different security domains to bring the benefits of collective intelligence to customers' security architectures. Both new and existing partners (those originally part of ARI or the Phantom Community) can benefit from more opportunities to collaborate and integrate with Splunk.
Q: Why is Splunk leading the initiative?
A: To overcome the challenges associated with bridging multiple security domains, the Splunk Adaptive Operations Framework uses Splunk software as the security nerve center. Customers have successfully implemented similar capabilities for many years, and Splunk technology and partnerships are foundational to accomplishing the mission of the initiative.
Q: What companies are part of the initiative?
A: The Splunk Adaptive Operations Framework consists of over 240 leading security domain vendors across cloud security, endpoints, identity & access, network, orchestration, threat intelligence, WAF & app security, and web proxy firewall. To learn more, read our solution guide.
Q: Can new technology solution providers still join the initiative?
A: Yes, the initiative is designed to bring together innovative technologies to ensure the best context and response actions are available to customers. Any Splunk partner can take advantage of the opportunities within the Splunk Adaptive Operations Framework as well as out-of-box integration work if they want.
To join the Splunk Adaptive Operations Framework, read our Technology Partner FAQ and contact the Splunk team directly at firstname.lastname@example.org.
Q: How do I get the Splunk Adaptive Operations Framework functionality?
A: You can get functionality in a few ways:
- Use Splunk and partner-built integrations to ingest data from anywhere for use across Splunk solutions: Splunk Enterprise, Splunk Cloud, Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom.
- Drive coordinated decisions and actions with rich analytics, and take orchestrated actions across a range of technologies in the SOC by using either Adaptive Response actions within Splunk Enterprise Security or Playbooks within Splunk Phantom. Learn more about Splunk Enterprise Security and Splunk Phantom.